Re: Hacker
- From: "Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx>
- Date: Tue, 16 Oct 2007 13:05:58 +0800
To be more specific - IIS 4.0 - barely a product, IIS 5 - everything on by
default (zero trustworthy computing), IIS 6 - lessons learned (decent web
server), IIS 7 - best release ever (true application host).
And 5 is history, 6 is current, 7 and forward is the future.
And the OP is using w2k3 - nothing is ON by default, even with default
installation - no exploits so far on IIS FTP.
--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/
"Leythos" <void@xxxxxxxxxxx> wrote in message
news:MPG.217d1a4fff8366d7989af0@xxxxxxxxxxxxxxxxxxxx
> In article <esE32khDIHA.1168@xxxxxxxxxxxxxxxxxxxx>,
> qbernard@xxxxxxxxxxxxxxxxxxx says...
>> yes - more IIS FTP are subjected for break in, but that's NOT because of
>> the product.
>> the issue is the element between the monitor and the chair.
>
> While I somewhat agree with your post, there are MANY people/bots
> targeting MS FTP, and all it takes is a simple exploit to be found for
> the "element between the monitor and the chair" to be rendered useless.
>
> With the types of 'attempts' that I see daily on our FTP servers (and
> clients), they are all directed at MS exploits and security holes.
>
>> any product without proper configuration is subjected to attacks as
>> well.
>
> Yes, but, the real difference is that MS FTP by default is easy to hack
> and has always been that way. Most third party Public Facing services
> are not defaulted that way.
>
> Yes, it's completely true that config makes all the difference, but, to
> default to open vs secure is the mistake that is common in MS products.
>
> I would love it if something like Vista (and Server 2008) abandoned the
> idea that it has to be compatible with older versions/software and was
> completely designed to be secure from the starting install.
>
> --
> Leythos
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999free@xxxxxxxxxx (remove 999 for proper email address)